I am setting up office extend with 1142 APs on a 5508 controller. All seems ok and I see my SSIDs on the remote AP. However when I try to connect I don't get a dhcp address and the connection fails. When I look at logs and some debugs I see dtls keepalive failures and the AP is actually disconnecting and re-associating with the controller.
View 24 RepliesFlex 7500
Software Version: 7.2.103.0
I have a Flex 7500 with 200 1142AP's working fine in remote office and local setup. We have since purchased 3 OEAP 602's and looking to distribute to teleworkers.
I have configured the OEAP to point to the NAT'd IP of the WLC, the OEAP does connect and is listed briefly in the WLC wireless listing but I am not able to make any configuration changes, it will then dissassociate and try the join process all over again. I have attached below the OEAP 600 event log. I see that the WLC does not support data DTLS encryption and looking to make this work.
I have tried to install the DTLS license file from the Cisco website, but says license failed to install, with no other errors.
*Jun 18 15:18:43.938: Build version 7.0.112.72 (compiled Feb 3 2012 at 01:56:39, [L]).
*Jun 18 15:18:47.859: CAPWAP State: Init.
*Jun 18 15:18:47.860: CAPWAP State: Discovery.
[Code]....
Just recently got a new 881W router. i have downloaded the 2.4 software upgrade. I go into the Office extend AP login and i get just a enter button. when i click on the enter button the AP page does not come up.
View 7 Replies View RelatedI have finally got my office extend AP to connect to my companies 5508 controller by enabling NAT on the management interface and can see all the cooperate SSID's. However when I try to connect to the SSID my client either gets a local IP address from my home router or then cannot get any IP address.
View 9 Replies View RelatedI am having an issue with internal and external clients. When we have the nat ip configured on the controller we cannot connect internal ap's at all. When we take the nat ip out it works fine. We are on code 7.0.220. I have tried the following command <config network ap-discovery nat-ip-only disable> and it did nothing.
View 1 Replies View RelatedDoes cisco 3600 support office extend feature? If yes, is there a controller requirement? I know cisco AP 600 supports office extend
View 24 Replies View RelatedI have an 1131ag AP attached to our 5508 as an OEAP over the Internet. Everything with the corporate SSIDs is working correctly, so no issue there. I was wondering if a local ssid can be configured on the AP, similar to what can be done with the OEAP600, in order to provide wireless access to the Internet only? On the WLC, on the H_REAP tab, there is a button labeled "Reset Personal SSID"
View 3 Replies View RelatedI have an 1142 CAPWAP AP running IOS 12.4(25e)JA$ on a 2504 controller running 7.2.103 that's frequently reloading. NCS is reporting the reason for the reload as 'AP Crashed Due To Software Failure'. Other 1142 APs on the same controller aren't experiencing any problems. The AP is in H-REAP mode with local switching but central auth.
View 5 Replies View RelatedIf we have a mixed environment of 4400 and 5500 controllers will the office extend features still work or will we have to run a seperate wireless domain from the 5508 for the aps that we need office extend on?
View 2 Replies View RelatedI have a situation where a user needs more than one office extend AP in his home. My office extend controller is a 5508 running 7.0.220.0. Are there any issues NATing multiple OE APs to a single address? My initial lab results indicate that each of the AP's associate with the controller and establish a DTLS tunnel. I see the SSIDs get pushed to the AP and then it seems to restart the process never being fully operational. Is there a workaround that will allow me to run mutliple OE APs?
View 12 Replies View RelatedWe're looking at deploying both office extend and also a guest wlan. Both would require a WLC in the DMZ.My question is can one 5508 WLC be both a guest anchor and have office extend APs on it at the same time?
View 2 Replies View RelatedHow the ACL Ports/Protocols which must be opened (in- and outbound) to enable a communication between a CISCO Office extend AP and a 5508 WCS.
View 3 Replies View RelatedI have attached a diagram of the current topology. At present, we have two 5508 connected to our core. We also have a 4402 behind the firewall (DMZ) just purely for guest access. So the staff users connect to the access point which in turns connects to the Staff WLC 1 (if this fails then to Staff WLC2). any guest user connect to the access point which in turn connects to Staff WLC which anchors to Guest WLC which then provides access. Since the guest is behind the DMZ they can only access the internet and not out internal network.
Now we want to office extend our network - we want our users to use 1132 AP at home to access the Infrastructure. is there a way we can do this without disturbing the existing infrastructure. On reading Cisco website, i know the best practice is to use 2 5508 (one behind the firewall and the other anchored to this access the internet network ) i thought since we have a Cisco (dmz) switch (48 port) and only the 4402 (Guest WLC) is connected to it, maybe purchase another 5508 WLC and connect to the 48 port Cisco (dmz) switch. will this work?
I have a WLC 5508 and several 1142 access points. The APs are not showing up in the WLC. When i console into the APs, im getting the following errors,
*Dec 26 23:04:28.035: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 65.125.15.212:5246
*Dec 26 23:04:28.074: %CAPWAP-5-CHANGED: CAPWAP changed state to
[Code]....
Ive tried resetting the WLC, reloading the APs. I even factory defaulted one of the APs and still getting the same message.Ive verified that the WLC is set to accept MICs and SSCs.
I need to configure a keepalive that check an url in a server (http in port 9500 not in port 80) and check the port 443 in the same server. If any of them not response . the service should go down.
View 1 Replies View RelatedI recently "inherited" a CSS 11503 - I've only used ACEs before - and I want to get HTTP keepalives working.To start, I created a test service:
lb-1# show run service sunbird-http-7025-test
!************************** SERVICE **************************
service sunbird-http-7025-test
port 7025
ip address 141.211.229.168
[code].....
I've got an issue with a CSS 11501 where, if *any* change is made to a global keepalive (active), the device reboots. The code is 08.10.2.05. I'm unable to search the TAC archive or I would've gone there first.
View 2 Replies View RelatedI have just upgraded one of our 4400 to 7.0.98.0. Most of the AP re-registered with out issues. I have two AIR-LAP1142N-E-K9 on a remote site that will not re-register.I have pointed them to another 2125 WLC (7.0.98.0) and they register fine. Point them to yet another 4400 (7.0.98.0) I get the same issue.I am getting this error when the register on the 4400s.*Jan 11 14:39:24.000: %CAPWAP-3-ERRORLOG: Selected MWAR 'abzewwlc'(index 1).*Jan 11 14:39:24.000: %CAPWAP-3-ERRORLOG: Go join a capwap controller *Jan 11 07:05:55.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 144.46.211.5 peer_port: 5246*Jan 11 07:06:55.000: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 144.46.211.5:5246 I suspect it may be as they both have In the client config.Then again maybe not.Configured Switch 1 Addr 158.139.177.203Configured Switch 2 Addr 144.46.214.25
Question 1 if I do a "clear config except static IP" will I still be able to telnet tp them or will they default to no telnet no ssh ?
Question 2 any idea how to get past this DTLS error ?
I have an ASA 5510 running 8.2.2 code with 30 VPN Phones connected. Of the 30 phones, I have 5 that do not negotiate DTLS and I'm having quality issues with these phones. I've checked the login process and I don't see any errors when these phone connect, they just don't even attempt DTLS. All the phones use the same VPN configuration.
View 4 Replies View RelatedMy work laptop uses a Cisco AnyConnect VPN Client (Software Version 2.5.2006). The connection protocol is DTLS.I recently upgraded to a Cisco RV180 at home at it is running the latest software version (1.0.1.9).
Since the RV180 went into service the work laptop will connect intermittantly. Usually email works but web browsing and and other services do not. It is slight strange behaviour- and seems to defy what a VPN should do......
The behaviour is very repeatable. For example from the customers office the laptop connects perfectly via VPN and if I swap back to an older inferior make of router at home VPN also works normal without changes to the laptop configuration.
I work for a large company (70,000+ employees) and we use "standard" builds so altering the laptop configuration is not really an option.
It seems to me that the RV180 doesn't support the DLTS VPN connection (indeed DLTS passthrough isn't an option in the VPN passthrough list) and is possibly blocking some incoming packets on the WAN interface.
I haven't yet tried a firewall rule to allow a DLTS (or UDP perhaps?) connection back in from the WAN side (obviously from just the IPs at my work end) but this is the only option I can think of to make this machine connect "correctly".
I've been labbing on my asa5505 at home, setting up different VPN solutions for testing purposes. However, I can't get my anyconnect client to establish a DTLS tunnel when connecting (anyconnect only shows tls, and does not display any errors about not connecting with dtls)I have set dtls port to 444 and this port is open on the other side.
View 2 Replies View RelatedWLC 5508 running 7.0.98.0
Site was running fine until the WLC had a hardware failure.
A new WLC was shipped out, was running 6.0.99 then manually upgraded to 7.0.98. Clients cannot authenticatewith recurrent logs messages like this.
*dot1xMsgTask: Feb 23 17:05:03.648: %DOT1X-3-MAX_EAP_RETRIES: 1x_auth_pae.c:2914 Max EAP identity request retries (3) exceeded for client 00:21:5c:<snip>*spamApTask0: Feb 23 17:05:01.926: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:629 Failed to complete DTLS handshake with peer 192.168.214.91
I have tried changing the key on the radius server to no avail.
I have Cisco AP 1142 standalone and I want this one to operate with WLC.
I have searched in Google, they said I need to upgrade AP1142.
I don't know how to upgrade it.
i have a problem using my usb to serial cable connection, i can connect to one router on my work, but i can't connect to AP 1142, (i have tested also con AP 1231).i have a laptop running windows 7 64 bits, before i use a win xp 32 bits, and i didn't have problems.i am using putty, and have installed tera term 4.74 but the same.connection details, 9600, 8, 1, N, N.
View 5 Replies View RelatedI can't get connectivity from laptop to AP using cross over or straight through cable to do a tftp transfer from tftp server on laptop to ap.
I held the mode button on ap and powered on to get to rommon. The ap has no ios so it goes to rommon anyway. ap light is blinking red.
ap: set
DEFAULT_ROUTER=10.0.0.1
IP_ADDR=10.0.0.1
NETMASK=255.255.255.224
[Code].....
After AP is booted it shows the following message and cannot able to join in WLC:
*Mar 1 07:13:37.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.71.16 peer_port: 5246
*Mar 1 07:13:37.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
[Code].....
I just converted AP 1142 to LAP using the image "c1140-rcvk9w8-tar.124-21a.JA2.tar".
The WLC is a 5500 with 2 NIC : one on 192.168.0/24, one on a specific vlan 10.20/16
The main management interface is on 192.168/24 but we defined as management the interface on the 10.20/16 network.
For the access points, we use ports on a native VLAN on 10.20/16 with other available VLANS which are used for the wlan networks
We have 1152 APs which work fine on this config but that needed to be registered on the 192.168/24 network, then we moved them in their VLAN 10/20/16 and they work fine.
We also have 1142 APs which have been upgraded to LAP. These AP do not work with our architecture. They register correctly on the 192.168/24 network, but do not give access to the wlan VLANs. If they are moved in the 10.20/16 network, they don't register to the WLC (message : Timed out while waiting for ECHO repsonse from the AP). The AP do not get an IP.
is there a restriction with VALNs on these AP ? or is something false ?
I have an 1142 AP that I am unable to set back to factory defaults.Here is what I have done so far:
- boot AP while holding down the mode button
- ap: delete flash:private-multiple-fs
- yes
- ap: boot
- when the AP boots fully I try and enter any lwap ap commands and get "ERROR!!! Command is disabled"
- the AP name and password were reset to defaults but I am unable to get the IP address cleared.
I've also tried "clear lwapp private-config" and get an error saying the command is disabled.
I need to convert some 1142 APs to lightweight mode. They will connect to controllers running 7.3.101.0. I noticed there's two options of Lightweight IOS code available c1140-k9w8-tar.152-2.JA.tar and c1140-rcvk9w8-tar.152-2.JA.tar. Whats the difference between the two versions of code?
View 4 Replies View RelatedWhen we take a look at the internal antennas on the 1142 AP, we notice the 5ghz pointed all the same way, but for the 2.4ghz we can see each offset by 45/120 degrees. It was my understanding that all antennas are omnidirectionals on the 1142, why are those 2.4ghz antennas not all pointed the same way? onfiguration advantage and that each antenna is indeed omnicadirectional? Example, if I shut just one antenna off, do I lose a sector (120degree)?
View 5 Replies View RelatedI recently purchased another 1142 AP to expand out our current wireless infrastructure, my question is, what exactly needs to be done for this to work so that users can roam freely and auto-connect to the closet AP with the best connection without getting disconnected?
I have set all the settings the exact same on the new AP to match the existing AP. (How to save the configs into a file would be great, I am not sure how to do that)... But anyhow, before I launch it, I would like to be sure I am correct so I do not bring down the existing network. Of course, the only difference between the 2 are the IP addresses. AP1 is 192.168.2.2 and AP2 is 192.168.2.3
All computers are using Linksys Wireless-N cards.
The last three new APs I have received from our supplier (official Cisco 1142 LAPs) have all successfully connected to our 4400 series WLCs but are all reporting as being in an Operational Status of 'Down' ie their A/B/G/N radios are not broadcasting even though the APs are all in an enabled state. Furthermore, there is no steady green light showing on the APs - there is no light showing whatsoever (although they were displaying the familiar red-orange-green lights while they were pulling down the IOS images from the WLCs).
The only strange thing I have noticed is that in the AP config screen, the ‘Mini IOS version’ is shown as being v7.3.x. The other – working APs – we have of the 1142 series show v3.x. I know that controller code v7.2 and above only work with the newer 5500 and 7500 series WLCs. Could this be the issue and have any of you seen this issue previously? I am running WLC code v7.0.230.0.
that cisco ap 1142 will support WLC2506 or not .
View 2 Replies View Related